Although Symantec has not named the third party, the hacker group that posted a file on Pastebin, which it said described the confidential workings of Symantec’s Norton Antivirus threat-detection product, said it had discovered Symantec’s source code in a hack it conducted on India’s military and intelligence servers. That is possible because many governments require source code from suppliers to prove the software is not spyware.

As a security firm, no doubt Symantec has extremely sophisticated systems in place to protect its data, but a huge range of external suppliers, from marketing to accountants to legal firms, can all be potential vulnerabilities, says Paul Vlissidis, technical director at NGS Secure, an NCC Group company.

“These suppliers may hold customer data, employee data or, as in this case, intellectual property that is hugely valuable to competitors,” he says, citing as an example the hacking of US-based email marketing firm Epsilon, which affected many of its clients.

At the time, Paul Ducklin, head of technology for security firm Sophos in the Asia Pacific region, said that as a cloud provider of electronic direct marketing services, a security breach of the Epsilon system was a breach of all its customers’ systems, too.

“If the security of third party suppliers isn’t validated you’ve potentially got an unlocked door in the middle of a wall. It’s essential for companies to treat the information security of suppliers with the same seriousness as their own, and verify the systems they have in place,” says Vlissidis.

In confirming the IP theft, Symantec said the stolen code is from two older enterprise products, one of which has been discontinued. “The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers,” the company said in a statement.
